GROUP-40 Modified commit-stage.yml to run tests without uploading to … #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Commit Stage | |
on: push | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: grouphq/grouphq-ui | |
VERSION: ${{ github.sha }} | |
jobs: | |
build: | |
name: Build and Test | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false # https://github.com/cypress-io/github-action/issues/48 | |
matrix: | |
containers: [1] | |
node-version: [18.x] | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- name: Set up Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Cache Node modules | |
uses: actions/cache@v2 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install Dependencies | |
run: npm install | |
- name: Install Angular CLI | |
run: npm install -g @angular/cli | |
- name: Dependency vulnerability scanning | |
run: npm audit --audit-level high | |
- name: Checking code style | |
run: npx prettier . --check | |
- name: Checking code quality | |
run: | | |
npx ng lint | |
npx stylelint "**/*.css" | |
npx stylelint "**/*.scss" | |
# - name: Run Component Tests # Uncomment this step to upload test results to Cypress Cloud | |
# uses: cypress-io/github-action@v6 | |
# with: | |
# start: ng serve | |
# wait-on: http://localhost:4200 | |
# component: true | |
# browser: chrome | |
# record: true | |
# parallel: true | |
# env: | |
# CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} | |
# GITHUB_TOKEN: ${{ secrets.CYPRESS_ACTION_SECRET }} | |
- name: Run Component Tests | |
run: npm run ci:cy-run-component | |
- uses: actions/upload-artifact@v3 | |
if: failure() | |
with: | |
name: cypress-screenshots | |
path: cypress/screenshots | |
if-no-files-found: warn | |
- uses: actions/upload-artifact@v3 | |
if: failure() | |
with: | |
name: cypress-videos | |
path: cypress/videos | |
if-no-files-found: warn | |
# - name: Run E2E tests | |
# uses: cypress-io/github-action@v6 | |
# with: | |
# install: false | |
- name: Code vulnerability scanning | |
uses: anchore/scan-action@v3 | |
id: scan | |
with: | |
path: "${{ github.workspace }}" | |
fail-build: false | |
severity-cutoff: high | |
# - name: Upload vulnerability report | |
# uses: github/codeql-action/upload-sarif@v2 | |
# if: success() || failure() | |
# with: | |
# sarif_file: ${{ steps.scan.outputs.sarif }} | |
- name: Setup arkade | |
uses: alexellis/setup-arkade@v3 | |
- name: Validate Kubernetes manifests | |
run: | | |
arkade get kubeconform | |
kustomize build k8s | kubeconform -strict -summary -output json | |
package: | |
name: Package and Publish | |
if: ${{ github.ref == 'refs/heads/main' }} | |
needs: [build] | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
node-version: [18.x] | |
permissions: | |
contents: read | |
packages: write | |
security-events: write | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v3 | |
- name: Set up Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Cache Node modules | |
uses: actions/cache@v2 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install Dependencies | |
run: npm install | |
- name: Build Angular App | |
run: npm run build -- --configuration production && cp -r ./nginx/* ./dist/ | |
- name: Set up Pack CLI | |
uses: buildpacks/github-actions/[email protected] | |
- name: Package SPA | |
run: | | |
pack build ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} \ | |
--buildpack gcr.io/paketo-buildpacks/nginx \ | |
--builder paketobuildpacks/builder:base \ | |
-p dist | |
- name: OCI image vulnerability scanning | |
uses: anchore/scan-action@v3 | |
id: scan | |
with: | |
image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} | |
fail-build: false | |
severity-cutoff: high | |
acs-report-enable: true | |
# - name: Upload vulnerability report | |
# uses: github/codeql-action/upload-sarif@v2 | |
# if: success() || failure() | |
# with: | |
# sarif_file: ${{ steps.scan.outputs.sarif }} | |
- name: Log into container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish container image | |
run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} | |
- name: Publish container image (latest) | |
run: | | |
docker tag \ | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} \ | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest |